Clickjacking - Black Hat 2010
14 April 2010
Paul Stone, a consultant at Context, has conducted research into Clickjacking and produced a white paper which was premiered at Black Hat 2010, in a talk of the same title – Next Generation Clickjacking.
Clickjacking is a term first introduced by Jeremiah Grossman and Robert Hansen in 2008 to describe a technique whereby an attacker tricks a user into performing certain actions on a website by hiding clickable elements inside an invisible iframe.
Although it has been two years since the concept was first introduced, most websites still have not implemented effective protection against clickjacking. In part, this may be because of the difficulty of visualising how the technique works in practice.